8.2 Known Problems

There are a small number of known problems documented in the files
‘docs/BUGS’ and ‘docs/TODO’. These will be fixed at some
point in the future. Future problems should be reported via the
cssc Bug Tracker, at http://savannah.gnu.org/bugs/?group=cssc.

There are also some security problems with this code:-

Temporary file races —
cssc opens many temporary files, most of them with very predictable
names. This can be used as a lever for compromising the security of a
system, often by anticipating the name of a file which will be opened at
some point, and creating a symbolic link of the same name. Most of the
temporary files used are created in the same directory as the sccs
file itself. cssc should not be used by the owners of files whose
security is important, especially to control files whose sccs file
is in a world-writable directory. See Filenames.

The sccsdiff program ignores the setting of the TMPDIR
environment variable. Temporary files with predictable names are
created in the /tmp directory.

Setuid execution —
It is common to install an extra set of binaries with the set-user-id
bit turned on in their modes, to allow a specified group of users to
make revisions to some important files. There are many ways in which a
setuid program can be used by malicious users to gain access to the
security privileges of the user as whom a program runs. cssc has
not been reviewed with the relevant security issues in mind. Please do
not install cssc programs with the set-user-id or set-group-id bits
turned on.

Environment variables —
cssc invokes external programs, notably the diff command and
the program specified as the mr validation program. Some
cssc programs (for example sccsdiff) invoke others. This
is done without “cleaning up” the environment, and so this is another
reason not to use the set-user-id bit for cssc programs.
See Environment Variables.

Please refer to the section of the GNU General Public License entitled
“NO WARRANTY” for information regarding the lack of warranty for this
program. cssc is not a secure program, please do not rely
on it to behave in a secure fashion.

Contributions of code or patches to fix these problems are, as always,
gleefully welcomed. Please submit these to the maintainer.

Additionally, there is currently one problem that may not ever be fixed.
This problem occurs only in the prt program when the list of
ignored or excluded deltas is present for a sidbut that list is
empty. In this case sccs prints the ‘Included:’ or
‘Excluded:’ line in its output (with no numbers afterward) and
cssc prints nothing. Since “fixing” this problem would require a
horrible kludge, this has not been done. It is not expected that this
will cause a problem for any users; if this is a problem for you, let
the maintainer know and it will be fixed.